ref: master
app/controllers/application_controller.rb
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 |
require 'noosfero/multi_tenancy' class ApplicationController < ActionController::Base protect_from_forgery include NoosferoHttpCaching before_filter :detect_stuff_by_domain before_filter :init_noosfero_plugins before_filter :allow_cross_domain_access include AuthenticatedSystem before_filter :require_login_for_environment, :if => :private_environment? before_filter :check_admin before_filter :verify_members_whitelist, :if => [:private_environment?, :user] before_filter :redirect_to_current_user before_filter :authorize_profiler if defined? Rack::MiniProfiler around_filter :set_time_zone before_filter :set_session_theme # FIXME: only include necessary methods include ApplicationHelper # concerns include PermissionCheck include CustomDesign include NeedsProfile # implementations include FindByContents include Noosfero::Plugin::HotSpot include SearchTermHelper def set_session_theme if params[:theme] session[:theme] = environment.theme_ids.include?(params[:theme]) ? params[:theme] : nil end end def require_login_for_environment login_required end def verify_members_whitelist render_access_denied unless @user_is_admin || environment.in_whitelist?(user) end after_filter :set_csrf_cookie def set_csrf_cookie cookies['_noosfero_.XSRF-TOKEN'] = form_authenticity_token if protect_against_forgery? && logged_in? end protected def set_time_zone return yield unless (utc_offset = cookies['browser.tzoffset']).present? utc_offset = utc_offset.to_i gmt_offset = if utc_offset == 0 then nil elsif utc_offset > 0 then -utc_offset else "+#{-utc_offset}" end Time.use_zone("Etc/GMT#{gmt_offset}"){ yield } rescue ArgumentError yield end def check_admin @user_is_admin = user && user.is_admin?(environment) end def allow_cross_domain_access origin = request.headers['Origin'] return if origin.blank? if environment.access_control_allow_origin.include? origin response.headers["Access-Control-Allow-Origin"] = origin unless environment.access_control_allow_methods.blank? response.headers["Access-Control-Allow-Methods"] = environment.access_control_allow_methods end response.headers["Access-Control-Allow-Credentials"] = 'true' elsif environment.restrict_to_access_control_origins render_access_denied _('Origin not in allowed.') end end layout :get_layout def get_layout return false if request.format == :js or request.xhr? theme_layout = theme_option(:layout) if theme_layout (theme_view_file('layouts/'+theme_layout) || theme_layout).to_s else 'application' end end def log_processing super return unless Rails.env == 'production' if logger && logger.info? logger.info(" HTTP Referer: #{request.referer}") logger.info(" User Agent: #{request.user_agent}") logger.info(" Accept-Language: #{request.headers['HTTP_ACCEPT_LANGUAGE']}") end end helper :document helper :language before_filter :set_locale def set_locale FastGettext.available_locales = environment.available_locales FastGettext.default_locale = environment.default_locale || :en_US FastGettext.locale = params[:lang] || session[:lang] || ENV['LANG'] || environment.default_locale || request.env['HTTP_ACCEPT_LANGUAGE'] || :en_US I18n.locale = FastGettext.locale I18n.default_locale = FastGettext.default_locale if params[:lang] session[:lang] = params[:lang] end end attr_reader :environment # declares that the given <tt>actions</tt> cannot be accessed by other HTTP # method besides POST. def self.post_only(actions, redirect = { :action => 'index'}) before_filter(:only => actions) do |controller| if !controller.request.post? controller.redirect_to redirect end end end helper_method :current_person, :current_person protected before_filter :load_active_organization, except: :select_active_organization def load_active_organization id = nil return unless user if id @active_organization = environment.profiles.find_by_id id elsif cookies[:active_organization] @active_organization = environment.profiles.find_by_id cookies[:active_organization] else @active_organization = user.memberships.first end @active_organization = nil unless @active_organization and @active_organization.members.include? user cookies[:active_organization] = @active_organization.id if @active_organization end def accept_only_post return render_not_found if !request.post? end def verified_request? super || form_authenticity_token == request.headers['X-XSRF-TOKEN'] end def boxes_editor? false end def content_editor? false end def user current_user.person if logged_in? end alias :current_person :user # TODO: move this logic somewhere else (Domain class?) def detect_stuff_by_domain # Sets text domain based on request host for custom internationalization FastGettext.text_domain = Domain.custom_locale(request.host) @domain = Domain.by_name(request.host) if @domain.nil? @environment = Environment.default # Avoid crashes on test and development setups if @environment.nil? && !Rails.env.production? @environment = Environment.new @environment.name = "Noosfero" @environment.is_default = true end else @environment = @domain.environment # do this conditionally to allow organizations to show theirs users inside their domains @profile = @domain.profile if params[:profile].blank? # do no redirect to as facebook applications that can only have one domain return # Check if the requested profile belongs to another domain if @domain.profile and params[:profile].present? and params[:profile] != @domain.profile.identifier @profile = @environment.profiles.find_by identifier: params[:profile] return render_not_found if @profile.blank? redirect_to url_for(params.merge host: @profile.default_hostname) end end end # FIXME this filter just loads @plugins to children controllers and helpers def init_noosfero_plugins plugins end def render_not_found(path = nil) @no_design_blocks = true @path ||= request.path # force html template even if the browser asked for a image render template: 'shared/not_found', status: 404, layout: get_layout, formats: [:html] end alias :render_404 :render_not_found def render_access_denied(message = nil, title = nil) @no_design_blocks = true @message = message @title = title # force html template even if the browser asked for a image render template: 'shared/access_denied', status: 403, formats: [:html] end def load_category unless params[:category_path].blank? path = params[:category_path] @category = environment.categories.find_by(path: path) if @category.nil? render_not_found(path) end end end def authorize_profiler Rack::MiniProfiler.authorize_request if @user_is_admin end def find_suggestions(query, context, asset, options={}) plugins.dispatch_first(:find_suggestions, query, context, asset, options) end def private_environment? @environment.enabled?(:restrict_to_members) end def redirect_to_current_user if params[:profile] == '~' if logged_in? redirect_to url_for(params.merge profile: user.identifier) else render_not_found end end end include UrlHelper end |